
A dangerous cyber security disconnect

I'm starting to think there's a complete disconnect in the security industry between what vendors are trying to sell and what's best for organisations to concentrate on.

For me, the penny dropped during the recent Security 2012 event in Sydney.

On the one hand, the trade show floor was packed with surveillance gear, especially the latest in video cameras and the massive data storage systems needed to store all their high-definition footage should it ever be needed.

"Having done the #security2012 hall I realise that security in 2012 is that everything is a threat and you should record it all in 1080p," tweeted Gavin Costello, a security product manager.

Costello is right. The range of video surveillance products now available ensures that nothing need be left unrecorded.

Cameras for indoors and outdoors. Infrared cameras for use in the dark. Trailer-mounted camera masts that can be set up wherever surveillance might be needed at short notice. Even sub-$200 webcam-style cameras so you can turn your own home into a panopticon.

It's the same mindset behind the rhetoric that says information security is a big data problem and, as RSA executive chairman Art Coviello put it earlier this year, we're only held back by slow-moving governments and their pesky privacy laws.

If only we could collect that one missing piece of information then everything would make sense.

(In a similar way Mark Zuckerberg seems to believe, at a personal level, that if only he had that one last piece of data about another person then he'd understand them. Hence Facebook.)

But on the other hand, the message delivered upstairs in Security 2012's conference stream was rather different.

Security isn't about mindlessly gathering ever more data, but developing a better understanding of the data you do have, gained through better sharing of information and knowledge with your allies.

Even Attorney-General Nicola Roxon stressed this in her otherwise routine keynote.

"The 9/11 Commission identified that if information had been shared more effectively, the ability of the US intelligence systems to either prevent or mitigate the effects of the terrorist attacks would have been improved," Roxon said.

"We now see the mantra of managing information has moved from a basis of 'need to know' more to the basis of 'need to share'."

Security certainly isn't about technology and standards, but about the ever-present human factor.

"The [ISO] standard for IT, this 27000 series, will not protect you from the type of cybercrime that we're talking about when we talk about state-based espionage or high-level criminal attack," said Jason Brown, national security manager for defence contractor Thales Australia.

"It's actually the culture of the organisation, the capacity for [staff] to say 'There's something wrong with this message' or 'I've got a problem with my system' and do it really quickly," he said.

"Every employee needs to be thinking about security the same way they think about brushing their teeth each morning," Brown said.